Microsoft Fancy Dances When Activision Plays a Tune

November 29, 2022

In order to convince the European Commission it should be allowed to acquire Activision Blizzard, Microsoft is sampling some humble pie. Android Authority reports, “Microsoft Admits Xbox vs PlayStation War Is Over and It Lost.” Writer Ryan McNeal tells us:

“The EU’s European Commission has announced in a press release that it has opened up an in-depth investigation into Microsoft’s proposed acquisition of Activision Blizzard. This investigation was activated after the proposed deadline EU regulators set back in September when the deal was first being looked into. According to the press release, the new inquiry now has 90 working days — until March 23, 2023 — to make a decision. The Commission claims that it is concerned Microsoft’s acquisition could upset the balance in the market, causing a reduction in competition.”

Specifically, the commission suspects Microsoft might make successful PlayStation games like “Call of Duty” into Xbox-only titles. Heavens no, the company insists, it promises to make games available on both platforms simultaneously. This is all about giving the people greater access to games, a representative asserts. And here we thought it was all about creating a distraction. McNeal continues:

“Since the first time it hit a snag with European regulators, Microsoft has attempted to utilize an underdog strategy to delegitimize Sony’s arguments against the deal. In response to today’s investigation announcement, Microsoft attempted to drive that talking point home by admitting that Sony is the market leader.”

Will this self-effacing logic work? We should find out by the end of March. Nota bene: Our team thinks that the push for Activision was possibly a way to deflect attention from some interesting Microsoft security issues. Games are big money, but the issue of Teams in Microsoft 365 may be an even more sensitive issue.

Cynthia Murrell, November 29, 2022

LinkedIn Helps Users Spot Fake Accounts it Lets Slip Through

November 11, 2022

Fake LinkedIn accounts are a fact of life. One might wonder how it is a professional social media site does not require member verification. It seems like a must have, but then LinkedIn is a Microsoft property after all. Now the site is making at least a show of doing something about the issue. No, not increasing efforts to prevent or remove fake profiles; don’t be silly. This is a case of user beware. According to CNN, “LinkedIn Knows There Are Fake Accounts on Its Site. Now It Wants to Help Users Spot Them.” Reporter Clare Duffy writes:

“LinkedIn is rolling out to some users the opportunity to verify their profile using a work email address or phone number. That verification will be incorporated into a new, ‘About this Profile’ section that will also show when a profile was created and last updated, to give users additional context about an account they may be considering connecting with. If an account was created very recently and has other potential red flags, such as an unusual work history, it could be a sign that users should proceed with caution when interacting with it. The verification option will be available to a limited number of companies at first, but will become more widely available over time, and the ‘About this Profile’ section will roll out globally in the coming weeks, according to the company. The platform will also begin alerting users if a message they have received seems suspicious — such as those that invite the recipient to continue the conversation on another platform including WhatsApp (a common move in crypto currency-related scams) or those that ask for personal information.”

We are told detecting and removing bots or fake accounts is just too tricky and subjective to expect LinkedIn to get it right. It is funny how “empowering users” often translates to “passing the buck.” So for those who must use LinkedIn, just remember it is up to you to verify others are who they say they are.

Cynthia Murrell, November 11, 2022

A Flashing Yellow Light for GitHub: Will Indifferent Drivers Notice?

November 9, 2022

I read “We’ve Filed a Lawsuit Challenging GitHub Copilot, an AI Product That Relies on Unprecedented Open-Source Software Piracy. Because AI Needs to Be Fair & Ethical for Everyone.” The write up reports:

… we’ve filed a class-action lawsuit in US federal court in San Francisco, CA on behalf of a proposed class of possibly millions of GitHub users. We are challenging the legality of GitHub Copilot (and a related product, OpenAI Codex, which powers Copilot). The suit has been filed against a set of defendants that includes GitHub, Microsoft (owner of GitHub), and OpenAI.

My view of GitHub is that it presents a number of challenges. On one hand, Microsoft is a pedal-to-the-metal commercial outfit and GitHub is an outfit with some roots in the open source “community” world. Many intelware solutions depend on open source software. In my experience, it is difficult to determine whether cyber security vendors or intelware vendors offer software free of open source code. I am not sure the top dogs in these firms know. Big commercial companies love open source software because these firms see a way to avoid the handcuffs proprietary code vendors use for lock in and lock down without a permission slip. These permissions can be purchased. This fee irritates many of the largest companies which are avid users of open source software.

A second challenge of GitHub is that it serves bad actors in two interesting ways. First, those eager to compromise networks, automate phishing attacks, and probe the soft underbelly of companies “protected” by somewhat Swiss-cheese-like digital moats rely on open source tools. Second, the libraries for some code on GitHub are fiddled so that those who use libraries but never check too closely about their plumbing become super duper attack and compromise levering vectors. When I was in Romania, “Hooray for GitHub” was, in my opinion, one of the more popular youth hang out disco hits.

The write up adds a new twist: Allegedly inappropriate use of the intellectual property of open source software on GitHub. The write up states:

As far as we know, this is the first class-action case in the US challenging the training and output of AI systems. It will not be the last. AI systems are not exempt from the law. Those who create and operate these systems must remain accountable. If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still. AI needs to be fair & ethical for everyone.

This issue is an important one. The friction for this matter is that the US government is dependent on open source to some degree. Microsoft is a major US government contractor. A number of Federal agencies are providing money to companies engaged in strategically significant research and development of artificial intelligence.

The different parties to this issue may exert or apply influence.

Worth watching because Amazon- and Google-type companies want to be the Big Dog in smart software. Once the basic technology has been appropriated, will these types of companies pull the plug on open source support and go cloud commercial? Will attorneys benefit while the open source community suffers? Will this legal matter mark the start of a sharp decline in open source software?

Stephen E Arnold, November 9, 2022

Microsoft and Security: Customers! Do Better

November 7, 2022

I have a hunch that cyber security is like Google in the early 2000s. Magic, distractions, and blather helped disguise the firm’s systems and methods for generating revenue. Now (November 4, 2022) the cyber security sector may be taking a page or two from the early Google game plan. Who can blame the cyber security vendors, all 3000 to 7000 of them in the US alone? The variance is a result of the methodology of the business analysts answering the question, “How many companies are chasing commercial, non profit, and government prospects?” Either number makes it clear that cyber security is a very big business.

Now stick with me: What operating system and office software is used by about two thirds of the organizations in the United States? The answer, if I can believe the data from my research team, is close enough for horse shoes. Personally, I would peg the penetration of Microsoft software at closer to 90 percent, but let’s go with the 67 percent, plus or minus five percent. That means that cyber security vendors have to provide security for companies already obtaining allegedly secure software and services from Microsoft.

With cyber crime, breaches, zero days, etc, etc going up with dizzying speed, what’s the message I carry away? The answer is, “Cyber security is not working.”

I read “Microsoft Warns Businesses to Up Their Security Game against These Top Threats.” The article then identifies security as a problem. The solution, if I understand the article, is:

Microsoft suggests throughout the MDDR that organizations implement a number of its products into its tech stack to protect against and deal with threats, such as its Security Service Line for support throughout a ransomware attack, and Microsoft Defender for Endpoint for cloud-based protection.

If you are not familiar with MDDR the acronym stands for the Microsoft Digital Defense Report. Presumably Microsoft’s crack security experts and the best available cyber consultants crafted the methods summarized in the article.

The irony is that Microsoft’s own products and services create a large attack surface. Microsoft’s own security tools seem to have chinks, cracks, and gaps which assorted bad actors can exploit.

Net net: Perhaps Microsoft should do security better. Aren’t customers buying solutions which work and do in a way that protects business information and processes? Perhaps less writing about security and more doing security could be helpful?

Stephen E Arnold, November 7, 2022

Microsoft Downplays Revelation of Massive Data Leak

November 1, 2022

Microsoft customers have reason to be annoyed despite the company’s insistence there is nothing to see here. “Microsoft Under Fire After Leaking 2.4TB of Data from Customers Including Contracts, Emails, and More,” reveals Tech Times. Citing a report by cybersecurity firm SOCRadar, writer Joseph Henry tells us:

“According to SOCRadar’s post, 2.4TB of confidential data from more than 65,000 entities has been leaked because of the misconfiguration in the data bucket. The cybersecurity firm confirms that the data involved in the leak include State of Work (SoW) documents, PII (Personally Identifiable Information) data, Proof-of-Execution (PoE) data, customer emails, project details, product offers, and more. SOCRadar also notes that the above mentioned data spanned five years, particularly from 2017 to August 2022. It should be noted that Microsoft did not include the number of affected customers in its announcement. Unfortunately, instead of acknowledging SOCRadar’s finding, the Redmond giant downplayed the statement by disapproving of its post. Microsoft added that its investigation showed that no customer accounts were compromised in the process.”

Really? What a stroke of good fortune. Henry goes on to share some customer comments regarding the data leak as collected by Ars Technica. Apparently few are reassured by the company’s insistence SOCRadar is exaggerating. If nothing else, some note, this incident highlights Microsoft’s policy of retaining sensitive information in perpetuity. That is not exactly a security best practice. See the SOCRadar post for its description of the misconfiguration that caused this kerfuffle and its potential ramifications.

Which big tech giant will be the next one to get an F in security? My hunch is that it is Amazon’s turn to lose the game of cyber security musical chairs.

Cynthia Murrell, November 1, 2022

Microsoft Goggle Chunder

October 19, 2022

I can resist. I read “Microsoft’s Army Goggles Left U.S. Soldiers with Nausea, Headaches in Test.” I am not too familiar with the training drills for US military personnel. Some create some discomfort. I can hear “no pain, no pain” and other friendly, supportive, positive comments.

The write up explains:

U.S. soldiers using Microsoft’s new goggles in their latest field test suffered “mission-affecting physical impairments” including headaches, eyestrain and nausea, according to a summary of the exercise compiled by the Pentagon’s testing office.

How long did it take to create the interesting side effects? Less than three hours.

The trigger for the chunder is Microsoft’s innovation Integrated Visual Augmentation System. I wonder if the acronym or code for the gizmos will be ZUCK which rhymes with upchuck? Probably not.

One government official who works in procurement allegedly said:

the service “conducted a thorough operational evaluation” and “is fully aware” of the testing office’s concerns. The Army is adjusting the program’s fielding and schedule “to allow time to develop solutions to the issues identified…”

One of the issues may be the illumination of the gizmo itself. If true, is this a device designed by those who love science fiction movies or engineers with expertise in warfighting gear? My hunch is that the video game and motion picture aficionados outnumber the combat seasoned on the headgear team.

Bolting a weapon on a robot dog might be an alternative in my opinion.

Will more information be forthcoming? My hunch is that the next report will contain more positive information. F35 pilots seem to be doing okay with their new immersive helmets. Are pilots different from other military professionals?

What if the F35 helmet approach is better than the Softies who continue to struggle with getting printers to work in a way users expect?

Stephen E Arnold, October 19, 2022

Want a Cyber Security Job But Know Zero? Will a Fake LinkedIn Profile Help You?

October 17, 2022

LinkedIn has unwittingly become a vector for the spread of false information. Krebs on Security reports, “Fake CISO Profiles on LinkedIn Target Fortune 500s.” A slew of fake LinkedIn profiles mysteriously appeared for Chief Information Security Officers purportedly serving at high-profile companies. Some were entirely original fabrications, but at least one lifted a description from the actual CISO’s profile. See the write-up for screenshots of a few offending profiles.

Who is fooled? Organizations looking for cybersecurity professionals. And not just on LinkedIn. Apparently other sources unwittingly perpetuated the lies, sources like Google Search, Apollo.io, Signalhire, Cybersecurity Ventures, and Cybercrime Magazine’s CISO 500 list. Whoever is behind the effort must have been delighted. It was apparently Honeywell’s former CISO Rich Mason who first noticed the trend and sounded the alarm. Krebs notes:

“Again, we don’t know much about who or what is behind these profiles, but in August the security firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at crypto currency firms. None of the profiles listed here responded to requests for comment (or to become a connection). In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down.”

We are sure they are. The article suggests some ways the site could make things easier on themselves in the future. Maybe even catch and remove such fabrications before they make it to other media channels. We are told:

“LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a ‘created on’ date for every profile. Twitter does this, and it’s enormously helpful for filtering out a great deal of noise and unwanted communications. The former CISO Mason said LinkedIn also could experiment with offering something akin to Twitter’s verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer. … Mason said LinkedIn also needs a more streamlined process for allowing employers to remove phony employee accounts.”

It is unlikely that we’ve seen the last of this tactic. LinkedIn should bolster its safeguards and streamline its reporting process. Meanwhile, other sources must learn to verify information they find on the site. Safeguarding one’s reputation for accurate data should be worth the effort.

Cynthia Murrell, October 17, 2022

Microsoft Teams and Sensitive Information

October 13, 2022

I read a somewhat unusual analysis of Microsoft Teams security. “Microsoft Teams Users Are Using It for a Really Bad Reason, So Stop Now” presents some data about Teams’ users and their sending information over the system. Now the purpose of Teams and similar conferencing software is to exchange information. Therefore, access to Teams sessions and the data exchanged while using the system may have some value to certain individuals if such access were available.

Okay, now let’s look at some of the numbers in the write up:

  • 45 percent of those in the sample (who knows how many were in the sample by the way?) “admit to sending confidential and sensitive information frequently via Microsoft Teams.” Now let’s think about this. Does this mean that 55 percent of those using Teams do not provide “confidential or sensitive information”? Is this a measure of productivity which Teams enhances?
  • 51 percent were found to be “sharing business critical information.” I am not sure I understand the distinction between “sensitive” and “business critical.” The idea that half of those using Teams don’t share important data is curious.
  • 56 percent believe training is needed.

Net net: Microsoft may have to do more than silence Teams’ blowhards. See “Microsoft Is Working Hard to Shut Up the Egotistical Blowhard on Your Team.”

Stephen E Arnold, October 15, 2022

Russia: Inconsistent Cyber Attack Capabilities

October 7, 2022

Do you remember that Microsoft’s president Brad Smith opined that the SolarWinds’ misstep required about 1,000 engineers? I do. Let’s assume those engineers then turned their attention to compromising Ukraine as part of a special military operation.

“Failure of Russia’s Cyber Attacks on Ukraine Is Most Important Lesson for NCSC” presents information I found interesting about Mr. Smith’s SolarWinds’ remark. [The NCSC is the United Kingdom’s National Cyber Security Council.]

Here’s the key passage from the write up:

Ukrainian cyber defences, IT security industry support and international collaboration have so far prevented Russian cyber attacks from having their intended destabilising impact during Russia’s invasion of Ukraine.

The write up also points out that a cyber content marketing campaign designed to undermine Ukraine’s leadership was also not effective.

Okay, but, Mr. Smith said that Russia was able to coordinate the efforts of 1,000 individuals to breach SolarWinds’ security and create considerable distress among some in commercial enterprises and other organizations.

How could Ukraine resist this type of capable force? I have no idea. I prefer to flip the information around and ask, “Why did SolarWinds’ security yield so easily?” Did Russia put more effort into breaching SolarWinds than fighting a kinetic war? Yeah, sure it did.

Maybe the 1,000 programmer idea was hand waving and blame shifting? Microsoft cannot make printers work. Why would Microsoft security be much better?

Stephen E Arnold, September 2022

Microsoft Teams: Ho Ho Ho

September 30, 2022

That Microsoft Teams is something. I refuse to use it. Others have to use it. I am happy with Zoom. I am fortunate. I can dictate what video tool I use. You? No. Too bad. I try not to think about Teams. I admit to sending my son notices of new Teams’ features, and he has a great sense of humor and sends me smiley faces as a reply. I am not sure he is smiling inside, however.

I noted that Teams popped up in a link to a YCombinator discussion “Why Is Microsoft Teams Still So Bad?” The comments are informative and interesting; for example:

  • Roydivision says: Random crashing.
  • Classified says: Once the bean counters discover that you can make money with a piece of software, the game is over.
  • M4lvin says: In Germany (or maybe whenever the system language is German) Microsoft decided that everyone should have a Ferris wheel and a bezel in their task bar because now it is Oktoberfest in Munich. Seriously? I think we have reached spam-as-an-operating-system.
  • Yawnxyz says: Microsoft product suites are like the Olive Garden of the product world.
  • Cyberge99 says: I think Teams also offers more capabilities to Enterprise users. I’ve been on a few Teams calls with people on the call that are not visible in the attendee list.

What’s interesting is that:

  1. People complain but organizations use Microsoft products due to pricing, compliance, institutional momentum, security assertions, familiarity, etc. (Does this mean “monopoly”?)
  2. Microsoft seems to be assembling a communications equivalent to Word; that is, many features, some of which do not work or cannot be located by a user not intimately familiar with the application. (Is this terminal featuritis?)
  3. Microsoft’s assertions to the media are not fact checked; otherwise, the comments in the cited thread might be less creditable. (Does science fiction count as a technology deliverable?)

I found the question interesting, but the comments speak more effectively than an equivalent number of TikToks. Viva Teams!

Stephen E Arnold, September 30, 2022
